util.prosodyctl.check: Ensure that libunbound does not check hosts file This fixes wrongly reported DNS problems on some distros where the hosts file contains an entry for the local machine, pointing at a loopback address such as 127.0.1.1 or similar.

util.prosodyctl.check: Deprecate legacy_ssl related options

util.prosodyctl.check: Add support for checking Direct TLS SRV records

mod_c2s: Add a Direct TLS listener This only differs from 'legacy_ssl' in name, at least on the server side. For clients this is the one that uses SRV records.

util.prosodyctl.check: Fix for net.dns vs unbound API difference net.dns returns nil for NXDOMAIN, while net.unbound returns a table with zero items and various status fields.

util.prosodyctl.check: Add knowledge of the global-only 'use_ipv4' setting

mod_http_file_share: Update comment about x-frame-options X-Frame-Options was replaced by the Content-Security-Policy 'frame-ancestors' directive, but Internet Explorer does not support that part of CSP. Since it's just one line it doesn't hurt to keep until some future spring cleaning event :)

CHANGES: Add OpenMetrics changes to Statistics

mod_s2s: Bail if connection is destroyed after attempting to open stream Fixes "attempt to compare number with nil" because `session.version` has been cleared by s2smanager.destroy_session. This can happen with the server_epoll setting opportunistic_writes enabled, which means that it can notice that the connection failed at this point, after which it triggers the whole chain of events that leads to session destruction and "cleaning" most of the session fields.

mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers